NoVoice Android malware hidden in Google Play apps
Malware Activity
Summary
Hide ▲
Show ▼
NoVoice Android malware was found hidden in more than 50 Google Play apps, exposing at least 2.3 million downloads to compromise. After installation, it used old Android vulnerabilities to seek root access, disable SELinux, and install a persistent rootkit. The malware also polled a C2 server and gathered device details to choose exploit components. Its post-compromise payload targeted WhatsApp session data, creating risk of account cloning and broader device compromise.
Related Happenings
Google rolls out Android Intrusion Logging in Android Advanced Protection Mode
Security Tool/Service
First: 14.05.2026 16:30
Last: 14.05.2026 16:30
Sources 1
About this happening:
Google has released **Android Intrusion Logging** for **Android Advanced Protection Mode**, giving **high-risk Android users** encrypted forensic logs to investigate suspected **s...
Google rolls out Android Intrusion Logging in Android Advanced Protection Mode
Security Tool/ServiceAbout this happening: Google has released **Android Intrusion Logging** for **Android Advanced Protection Mode**, giving **high-risk Android users** encrypted forensic logs to investigate suspected **s...
Android Intrusion Logging forensic logging rollout for spyware investigations
Security Tool/Service
First: 13.05.2026 09:55
Last: 13.05.2026 09:55
Sources 1
About this happening:
**Android** is adding **Intrusion Logging**, an opt-in forensic feature in **Advanced Protection Mode** that preserves device and network activity for suspected spyware compromise...
Android Intrusion Logging forensic logging rollout for spyware investigations
Security Tool/ServiceAbout this happening: **Android** is adding **Intrusion Logging**, an opt-in forensic feature in **Advanced Protection Mode** that preserves device and network activity for suspected spyware compromise...
Android 17 expands platform security and privacy protections
Security Tool/Service
First: 12.05.2026 20:00
Last: 12.05.2026 20:00
Sources 1
About this happening:
**Android 17** will add a broad set of **Google**-backed security and privacy controls next month, reducing exposure to **banking scam calls**, **device theft**, and **OTP theft**...
Android 17 expands platform security and privacy protections
Security Tool/ServiceAbout this happening: **Android 17** will add a broad set of **Google**-backed security and privacy controls next month, reducing exposure to **banking scam calls**, **device theft**, and **OTP theft**...
PromptSpy backdoor for Android with Gemini API automation
Malware Activity
First: 11.05.2026 16:02
Last: 11.05.2026 16:02
Sources 1
About this happening:
The **PromptSpy** backdoor for **Android** was highlighted for using **Gemini APIs** to automate device interaction, increasing the risk of unauthorized control on infected phones...
PromptSpy backdoor for Android with Gemini API automation
Malware ActivityAbout this happening: The **PromptSpy** backdoor for **Android** was highlighted for using **Gemini APIs** to automate device interaction, increasing the risk of unauthorized control on infected phones...
BirdCall Android spyware variant
Malware Activity
First: 05.05.2026 12:04
Last: 05.05.2026 12:04
Sources 1
About this happening:
The **BirdCall** Android spyware variant expanded a known **Windows** backdoor into a mobile surveillance tool with **file exfiltration** and device reconnaissance capabilities. I...
BirdCall Android spyware variant
Malware ActivityAbout this happening: The **BirdCall** Android spyware variant expanded a known **Windows** backdoor into a mobile surveillance tool with **file exfiltration** and device reconnaissance capabilities. I...
Timeline
-
01.04.2026 21:07 2 articles · 1mo ago
NoVoice found hidden in Google Play apps
Initial DisclosureMcAfee identified the NoVoice Android malware family hidden in more than 50 Google Play apps, with at least 2.3 million downloads, and said the operation shared similarities with the Triada Android trojan while not being tied to a specific threat actor. The malicious apps provided their promised functionality, used no suspicious permissions, and were later removed from Google Play after McAfee reported them to Google.
Show sources
- 'NoVoice' Android malware on Google Play infected 2.3 million devices — www.bleepingcomputer.com — 01.04.2026 21:07
- 'NoVoice' Android malware on Google Play infected 2.3 million devices — www.bleepingcomputer.com — 01.04.2026 21:07